New Resilience

Products

Who We Serve

Resources

Pricing

About us

Login

Book a demo

New Resilience

New Resilience

Privacy Policy

Privacy Policy

-

Last edited on

1. Introduction

This Privacy Policy explains how New Resilience, Inc. (“New Resilience,” “we,” “us,” or “our”) collects, uses, and discloses personal information in connection with:

  • our websites, including www.newresilience.ai (the “Site”);

  • the New Resilience web application at app.newresilience.ai, our iOS and Android mobile applications, and our API at api.newresilience.ai (together, the “Platform”); and

  • our related products and services and other professional services (together with the Site and Platform, the “Services”).

New Resilience provides a customer-relationship and operations platform built for behavioral-health and addiction-treatment organizations. Our direct customers are those organizations (each, a “Customer”), and the people who use the Platform on a Customer’s behalf are “Authorized Users” (for example, admissions, outreach, and clinical staff).

This Privacy Policy describes how we handle personal information for which we act as a controller — primarily information about Site visitors, prospects, Authorized Users, and business contacts. It is not the governing document for protected health information or other Customer data that we process on a Customer’s behalf; that is covered in Section 4.


2. A note for patients and clients of treatment providers

If you are (or were) a patient, client, prospective client, family member, or referral contact of a treatment provider that uses New Resilience, the provider — not New Resilience — controls your information. We process that information only as a service provider to the provider, under the provider’s instructions and our agreements with them.

To exercise rights over your health or contact information, or to request access, correction, or deletion, please contact the treatment provider directly and review their Notice of Privacy Practices. We will refer requests we receive about provider-controlled information back to the relevant provider.


3. Information we collect

3.1 Information you provide to us

  • Account and profile information — name, work email, phone number, job title, employer/organization, profile details, and credentials (such as a password) you create or that a Customer creates for you.

  • Customer and billing information — organization name, billing contact, plan, and order details. Payment-card details are collected and processed by our third-party payment processor; we do not store full card numbers.

  • Communications — information you provide when you contact us (for example, at support@newresilience.ai or hello@newresilience.ai), request a demo, fill out a form, respond to a survey, or interact with support.

  • Marketing and SMS preferences — your subscription and consent choices, including mobile opt-ins (see Section 8).

3.2 Information we collect automatically when you use the Services

  • Authentication and session data — sign-in events, access and refresh tokens, the client platform you signed in from (web, iOS, or Android), IP address, and timestamps.

  • Device and usage data — device type, operating system, browser, app version, language, pages and screens viewed, features used, referring URLs, and diagnostic, performance, and crash data.

  • Cookies and similar technologies — see Section 9. Our product analytics and telemetry are first-party and routed through our own API; we do not load third-party tracking SDKs that would expose Customer data or protected health information in the browser.

3.3 Information from third parties and connected accounts

  • Connected email and calendar accounts. When an Authorized User connects a Google (Gmail) or Microsoft (Outlook) account, we access the messages, calendar events, and related metadata that the user authorizes, in order to log correspondence with the Customer’s contacts inside the Platform. See Section 3.4.

  • Referral sources and integration partners. We may receive information about contacts and opportunities from sources a Customer connects or uploads.

  • Service providers that help us run our business (for example, analytics, security, and support tools), consistent with this Policy.

3.4 Use of Google and Microsoft user data

New Resilience’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, when a Customer or Authorized User connects a Google account:

  • we access and use Gmail and Google account data only to provide and improve the user-facing correspondence-logging and related features the user enabled;

  • we do not transfer or sell this data except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition;

  • we do not use this data for advertising; and

  • we do not allow humans to read this data unless we have the user’s consent for specific messages, it is necessary for security or to comply with law, or the data is aggregated and de-identified.

A substantially equivalent commitment applies to data accessed through Microsoft Outlook integrations under Microsoft’s terms. Authorized Users can disconnect an integration at any time in the Platform’s settings, and can also revoke access from their Google or Microsoft account security settings.

4. Customer Data and protected health information (our role as a Business Associate)

A large portion of what flows through the Platform is Customer Data — information that Customers and their Authorized Users submit, upload, generate, or capture in the Platform about their own contacts, inquiries, clients, and operations. This can include protected health information (“PHI”) as defined under the U.S. Health Insurance Portability and Accountability Act (“HIPAA”), and includes content such as call recordings and transcripts, messages, notes, and admissions records.

With respect to Customer Data and PHI:

  • We act as a service provider / processor and, where applicable, a HIPAA Business Associate to the Customer. We process Customer Data only to provide the Services and on the Customer’s documented instructions, and as permitted by our agreement and Business Associate Agreement (“BAA”) with that Customer.

  • The Customer (for example, the treatment provider) is the controller / covered entity for that data and is responsible for the lawful basis, notices, and authorizations governing it.

  • We maintain PHI within our protected hosting environment, covered by appropriate BAAs with our infrastructure providers, and we do not use or disclose PHI except as the BAA and HIPAA permit.

If there is any conflict between this Privacy Policy and a Customer’s BAA or subscription agreement with respect to PHI or other Customer Data, that agreement and the BAA control.

5. How we use information

We use the personal information described above to:

  • provide, operate, and maintain the Services, including authentication, account management, call recording and transcription, correspondence logging, messaging, scheduling, analytics, and AI-assisted features the Customer enables;

  • secure the Services — detect, investigate, and prevent fraud, abuse, and security incidents, and enforce our terms;

  • support and communicate with Authorized Users and Customers, including service, administrative, and transactional messages;

  • bill and administer subscriptions and process payments through our payment processor;

  • improve and develop the Services, using usage data and aggregated or de-identified data — we do not use Customer Data or PHI to train third-party AI models (see Section 6);

  • market our own products to business prospects and Customers (we do not use PHI or Customer Data for our marketing); and

  • comply with law and legal process, and protect the rights, safety, and property of New Resilience, our Customers, and others.

6. Artificial intelligence features

The Platform includes AI-assisted features (for example, assistants and agents that help draft messages, summarize calls and correspondence, and surface insights). For these features:

  • processing of Customer Data and PHI for AI features occurs within our protected service boundary, under appropriate confidentiality and, where PHI is involved, HIPAA Business Associate terms;

  • where we use third-party AI providers as sub-processors, we contractually prohibit them from using Customer Data or PHI to train or improve their own models;

  • AI outputs are assistive only, may be inaccurate or incomplete, and are not medical advice and not a substitute for professional clinical judgment; and

  • Customers and Authorized Users are responsible for reviewing AI outputs before relying on or acting on them.

7. How we share information

We do not sell personal information, and we do not share it for cross-context behavioral advertising. We disclose personal information only as follows:

  • Service providers and sub-processors that perform services for us — for example, cloud hosting and storage, telephony/SMS delivery, email delivery, payment processing, analytics, and customer support — under contracts that limit their use of the information, and under BAAs where they may handle PHI. A current list of our sub-processors is available on request by emailing support@newresilience.ai.

  • Connected services you direct — for example, the Google or Microsoft accounts an Authorized User connects (Section 3.4).

  • Within a Customer’s account — Authorized Users of the same Customer may see information in their shared workspace; account administrators may access and manage their organization’s data.

  • Legal and safety — when we believe disclosure is required by law, regulation, legal process, or governmental request, or is necessary to protect the rights, property, or safety of New Resilience, our Customers, or others.

  • Business transfers — in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this Policy.

  • With your consent or at your direction.

We do not share mobile opt-in/SMS consent information with third parties or affiliates for their own marketing purposes (Section 8).

8. Text messaging (SMS)

If you opt in to receive text messages from New Resilience:

  • Message types may include product updates, account notifications, and support replies. Message frequency varies.

  • Message and data rates may apply. Consent is not a condition of any purchase or service.

  • Reply STOP to unsubscribe at any time, and HELP for help.

  • We do not sell or share mobile opt-in information or consent with third parties or affiliates for their marketing purposes.

Separately, when a Customer uses the Platform to send SMS or email to its own contacts, the Customer is responsible for obtaining the consents and honoring the opt-outs required by applicable law (including the TCPA and CAN-SPAM). See our Terms of Service.

9. Cookies and analytics

We use strictly necessary cookies to operate the Site and Platform (for example, to keep you signed in and to maintain security), and first-party analytics to understand and improve usage. We do not use third-party advertising cookies. Most browsers let you control cookies through their settings; blocking some cookies may affect how the Services function. Where required, we honor recognized opt-out preference signals (such as Global Privacy Control).

10. Data retention

We retain personal information for as long as needed to provide the Services, maintain and improve them, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer Data and PHI are retained, returned, or deleted in accordance with the applicable Customer agreement and BAA, including on termination. De-identified and aggregated data may be retained and used without the limits in this Policy.

11. Data security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including:

  • encryption of data in transit and at rest;

  • access controls, authentication, and audit logging, with token-based session management and key rotation;

  • hosting in a protected cloud environment covered by appropriate Business Associate Agreements; and

  • routing of product telemetry through our own infrastructure rather than third-party browser SDKs, to keep Customer data and PHI within our service boundary.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Mobile applications

Our iOS and Android apps may request device permissions to function — for example, microphone access (for call recording and voice notes), notifications, and network access. You can grant or revoke these permissions in your device settings; some features may not work without them. App stores (Apple App Store, Google Play) may also collect information governed by their own privacy policies.

13. Your privacy choices and rights

If your information is controlled by a treatment provider (a Customer), please direct access, correction, deletion, and other requests to that provider (Section 2). For Customer Data, we act on the Customer’s instructions and will refer your request to them.

For information we control, you may:

  • access, update, or delete your account or profile information, or ask us to do so;

  • opt out of marketing emails (via the unsubscribe link) and SMS (reply STOP); and

  • contact us at support@newresilience.ai to exercise applicable rights.

13.1 U.S. state privacy rights (California and other states)

Depending on your state of residence (for example, California, Virginia, Colorado, Connecticut, Utah, Texas, and others), you may have rights to know/access, correct, delete, and port your personal information, and to opt out of sale, sharing for targeted advertising, and certain profiling. We do not sell personal information or share it for cross-context behavioral advertising.

For California residents under the CCPA/CPRA: in the preceding 12 months we have collected the categories of personal information described in Section 3 (identifiers, customer-account and commercial information, internet/usage activity, and professional information), used and disclosed for the purposes in Sections 5–7. You have the right to know, delete, correct, and limit use of sensitive personal information, and the right not to be discriminated against for exercising these rights. Note: PHI handled under HIPAA, and medical information under California’s CMIA, are exempt from the CCPA; requests about that information should go to the relevant provider.

To exercise a right, contact us at support@newresilience.ai. We will verify your request and respond within the time required by law. You may use an authorized agent. If we deny a request, you may appeal by replying to our response or contacting us at the same address.

14. U.S.-based service

New Resilience is based in, and provides the Services from, the United States. Your information will be processed in the United States, where privacy laws may differ from those in your location. By using the Services, you understand that your information will be processed in the United States.

15. Children’s privacy

The Services are business tools intended for use by organizations and their staff, and are not directed to children. We do not knowingly collect personal information from children through the Site or for our own purposes. Any information about minors that appears in Customer Data is handled by the Customer as controller, under its own consents and authorizations and our BAA.

16. Third-party links

The Services may link to third-party websites and services we do not control. This Policy does not apply to them, and we are not responsible for their privacy practices. Review their policies before providing information.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, provide additional notice as required (for example, by email or in-product notice). Your continued use of the Services after an update means you accept the revised Policy.

18. Contact us

New Resilience, Inc.

Privacy requests: support@newresilience.ai

General inquiries: hello@newresilience.ai

New Resilience

Accelerate critical tasks with New Resilience AI products. Let’s explore how New Resilience can support your facility's needs.

Product

Alumni Management

CRM

Community

WHO WE SERVE

SUD/Addiction Treatment Centers

Mental Health Treatment Centers

ABOUT

Contact us

About us

End user license agreement

Terms of Service

Privacy Policy

Copyright © 2026 New Resilience. All rights reserved.